path: root/lib/response.js
Commit message | Author | Age | Files | Lines
* Fix CSP for disqus and Google Analytics | Sheogorath | 2018-03-30 | 1 | -1/+2
|   This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Change config to camel case with backwards compatibility | Sheogorath | 2018-03-25 | 1 | -44/+44
|   This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove and replace all note id compression in LZString with base64url | Max Wu | 2018-02-26 | 1 | -6/+5
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix to show 500 message when got error in parseNoteId | Max Wu | 2018-02-17 | 1 | -1/+2
|   Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix ldap provider name in template | Sheogorath | 2018-01-26 | 1 | -0/+2
|   Before this fix it's impossible to set the provider name in the sign-model since `ldap` is a boolean there and this way not able to have an attribute like `ldap.providerName`.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #598 from xxyy/feature/csp | Christoph (Sheogorath) Kern | 2018-01-22 | 1 | -1/+2
|\
| |   Implement basic CSP support
| * CSP: Add nonce to slide view inline JS | Literallie | 2017-10-22 | 1 | -1/+2
| |
* | Merge pull request #673 from fooker/master | Christoph (Sheogorath) Kern | 2018-01-20 | 1 | -1/+2
|\ \
| | |   Allow posting new note with content
| * | Allow posting new note with content | Dustin Frisch | 2018-01-18 | 1 | -1/+2
| | |   Signed-off-by: Dustin Frisch <fooker@lab.sh>
* | | Add option to enable `freely` permission in closed instance | Dario Ernst | 2018-01-20 | 1 | -0/+2
|/ /
| |   Before, closed disallowed guest edits completely, by removing the `freely` permission. This makes it possible to explicitly bring back guest-editing, but not guest-note-creation, to closed instances.
| |   Signed-off-by: Dario Ernst <dario@kanojo.de>
* | Fix file permission, remove useless executable | Peter Dave Hello | 2017-12-14 | 1 | -0/+0
| |
* | Initial support for SAML authentication | Norihito Nakae | 2017-11-28 | 1 | -0/+2
| |
* | Fix mattermost breaking notes | Sheogorath | 2017-10-31 | 1 | -0/+1
| |
* | Add mattermost authentication | Christoph Witzany | 2017-10-31 | 1 | -0/+1
| |
* | Adds 403 response if PDF export is disabled | geekyd | 2017-10-25 | 1 | -1/+6
| |
* | Adds PDF export via config | geekyd | 2017-10-25 | 1 | -1/+3
|/
* Fix slide might not provide slideOptions meta | Wu Cheng-Han | 2017-06-05 | 1 | -1/+1
|
* check if reveal theme exists | butlerx | 2017-06-01 | 1 | -1/+2
|
* add the ability to set slide theme in slide options | butlerx | 2017-05-31 | 1 | -0/+1
|
* refactor(config.js): Extract config file | BoHong Li | 2017-05-08 | 1 | -16/+16
|   * Separate different config source to each files
|   * Freeze config object
* refactor: Remove `require` extension filename | BoHong Li | 2017-05-08 | 1 | -2/+2
|
* Use strict mode in all backend files | BoHong Li | 2017-03-14 | 1 | -0/+1
|   add ‘use strict’ in all backend file
* Use JavaScript Standard Style | BoHong Li | 2017-03-08 | 1 | -547/+539
|   Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code.
* Refactor checkViewPermission to fix limited & protected permission check bug and fix code style | Wu Cheng-Han | 2017-01-16 | 1 | -3/+3
|
* Fix missing config in hackmd response | Wu Cheng-Han | 2017-01-16 | 1 | -1/+2
|
* Add `allowemailregister` option | Sheogorath | 2017-01-12 | 1 | -0/+1
|
* Merge pull request #313 from elct9620/feature/disable_anonymous_view | Max Wu | 2017-01-10 | 1 | -2/+7
|\
| |   WIP: Add options to limit anonymous view note
| * Add limited and protected permission | 蒼時弦也 | 2017-01-10 | 1 | -2/+7
| |
| * Recovery trailing spaces | 蒼時弦也 | 2017-01-10 | 1 | -2/+2
| |
| * Remove temporary change | 蒼時弦也 | 2017-01-10 | 1 | -3/+0
| |
| * Fix anonymous view permission check | 蒼時弦也 | 2017-01-05 | 1 | -1/+4
| |
| * Add limit for constrain anonymous view note | 蒼時弦也 | 2017-01-05 | 1 | -3/+3
| |
* | Merge pull request #279 from alecdwm/ldap-auth | Max Wu | 2017-01-09 | 1 | -0/+2
|\ \
| |/
|/|   Support for LDAP server authentication
| * Initial support for LDAP server authentication | alecdwm | 2016-12-13 | 1 | -0/+2
| |   Limitations as of this commit:
| |   - tlsOptions can only be specified in config.json, not as env vars
| |   - authentication failures are not yet gracefully handled by the UI
| |     - instead the error message is shown on a blank page (/auth/ldap)
| |   - no email address is associated with the LDAP user's account
| |   - no picture/profile URL is associated with the LDAP user's account
| |   - we might have to generate our own access + refresh tokens, because we aren't using oauth. The currently generated tokens are just a placeholder.
| |   - 'LDAP Sign in' needs to be translated to each locale
* | Fix and refactor extracting content using metaMarked directly might lead in invalid object | Wu Cheng-Han | 2017-01-04 | 1 | -45/+14
| |
* | Fix yaml metadata description not able to show | Wu Cheng-Han | 2017-01-02 | 1 | -3/+3
| |
* | Remove LZString compression for data storage | Wu Cheng-Han | 2017-01-02 | 1 | -7/+7
| |
* | Fixed typo: anonmyous | Florian Rhiem | 2016-12-21 | 1 | -3/+3
| |
* | Add support of allow free url config option with correspond modifications | Wu Cheng-Han | 2016-12-16 | 1 | -2/+9
| |
* | Add support of allow anonymous config option with correspond modifications | Wu Cheng-Han | 2016-12-15 | 1 | -0/+4
|/
* Update to support optional email register and signin | Wu Cheng-Han | 2016-12-02 | 1 | -6/+10
|
* Update to auto generate meta description based on content in publish note and slide | Wu Cheng-Han | 2016-11-26 | 1 | -7/+14
|
* Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue] | Wu Cheng-Han | 2016-11-26 | 1 | -5/+2
|
* Fix slide might trigger script when processing markdown which cause XSS [Security Issue] | Wu Cheng-Han | 2016-11-26 | 1 | -11/+1
|
* Update to improve history api error and bad request handling | Wu Cheng-Han | 2016-10-10 | 1 | -0/+3
|
* Update to allow CORS as API on revision actions | Wu Cheng-Han | 2016-10-10 | 1 | -0/+14
|
* Update to support showing owner on the infobar | Wu Cheng-Han | 2016-10-10 | 1 | -0/+6
|
* Update to prevent caching and crawling status | Wu Cheng-Han | 2016-09-18 | 1 | -1/+1
|
* Update to use proper way to render view and fix upload image error should response with code | Wu Cheng-Han | 2016-08-19 | 1 | -74/+19
|
* Add info api for note | Wu Cheng-Han | 2016-08-19 | 1 | -0/+32
|